Quoting Valdis.Kletnieks@vt.edu (Valdis.Kletnieks@vt.edu):> On Thu, 08 Mar 2007 17:58:16 EST, Mimi Zohar said:> > This is a request for comments for a new Integrity Based Access> > Control(IBAC) LSM module which bases access control decisions> > on the new integrity framework services. > > > > (Hopefully this will help clarify the interaction between an LSM > > module and LIM module.)> > OK, between this and the additional LIM hooks I didn't notice in an earlier> patch, we're starting to see the API. The only problem is that although> it may be the right API for *your* code, I suspect it's a non-starter without> a discussion about whether it's the right *generic* API for an LIM (which will> require at least one dramatic bun fight about what "Integrity" means).

Casey's earlier message suggested this too. 'Integrity' here inparticular does not mean online integrity guarantees through, i.e.,information flow control. So perhaps instead of 'integrity' we shouldmake sure to always say 'integrity measurement'. Of course then thereis already the 'integrity measurement architecture' which is only oneimplementation of a LIM module, right? So it would need to be renamedto TIMA (TPM-enabled IMA) or something I guess.